I am old enough to remember using a rotary phone — those outdated devices with the big wheel and finger holes. By the eighties, most, if not all, rotary phones had been replaced with touchtone. The transition to this newer technology was convenient and imperceptible because it was simpler and quicker to use. I distinctly recall having to use a rotary phone several years after adopting the touchtone. I was amazed at how quickly I had developed amnesia until being forced back to the past. I remember thinking how slow and laborious it was to dial any number, especially those that contained 8’s, 9’s, and 0’s. This analogy perfectly sums up how I feel about my personal experience before and after using a password manager. It’s a technology that has changed my life for the better, and I can never go back to my old ways.
I currently have over 140 different passwords between my various personal and professional websites. Keeping these organized and accessible was akin to dialing those 9’s and 0’s. I would write my passwords down in paper notebooks or store them in electronic spreadsheets. It’s all I had ever known and I didn’t know any differently.
So, what is a Password Management Tool?
Basically, it’s a small piece of software you use on any device to capture, organize, and search for your website credentials in an easier and more secure way. More advanced functionality allows you to:
- Integrate the software with your web browsers to autofill your username and password. I think the autofill feature alone is worth 10x the price of admission!
- View your passwords anywhere and on any device
- Autofill your digital payment options when making online purchases
- Share your passwords easily and securely with others and vice versa (and when you or they update a password it updates the other person automatically too)
- Auto-generate strong passwords
- Use dashboards that show you an overall password health score, alerts on websites that have been compromised, along with suggested actions you should take.
So what is the cost?
I’ll share my experience using both free and paid versions. When I first began using a password manager I chose the most inexpensive route, which is free! However, it is important to note that the free versions generally limit you to storing passwords on only one device, and they seldom contain any of the advanced features I have mentioned above. Free is a significant improvement over the old way and a great place to start or remain, but I found those restrictions limiting at times and in only a few months I upgraded to a paid version. Most products offer either a monthly or annual subscription, and they are quite affordable for what you get: only a few dollars a month. Several products, such as LastPass and Dashlane, even offer more affordable family and corporate sharing plans for many users, at a significant discount when compared to buying separate individual accounts. Another primary difference between free and paid versions is the storage and backup capabilities. The data you enter on free versions is usually stored only on the local device, with no ability to back up and restore. Paid versions store the data securely in a remote cloud location, which lets you access your data on any device and easily restore it in the event of a lost or destroyed device. On average, I destroy a phone every 20 months, so I upgraded to a paid version to avoid the inevitable data loss. You can always start out with a free plan and easily upgrade to a paid plan down the road if you change your mind.
A Very Important Note
Password managers require you to remember one master password in order to access the application and your data. This is both super convenient and frightening. The companies behind the password manager will never know your master password, and therefore cannot provide you with your password if you forget it. The best they can do is email you a hint that you created when you first set up your account, or potentially offer an account recovery process. Free versions may or may not have password hint or account recovery options, so it’s best to consider this in advance. Neither option is foolproof, so I highly recommend you use a complex password you will not forget. My wife and I have taken it one step further and each placed our written master passwords in the most secure place we could think of — our family’s safe deposit box.
Health Scores and Alerts
I’ve found the health score and alerting dashboards to be useful and informative, and they’ve completely changed my approach to passwords. In the past, I had developed my own system of creating new passwords, even as I continued to use a password manager. I’d use a core password and add either a suffix or prefix, and maybe swap some letters or numbers. Example: srpw4455SRPW!, or srpw4455SRPW$. However, if any of the websites I use becomes compromised, then many of my other websites could become compromised too. It’s significantly easier for a hacker to launch a brute force attack when they have common elements to work with.
My health score dashboard shows me how many of the sites used common elements of my passwords, and despite how exceedingly smart and savvy I thought I was, my score actually sucked. I love to see the color green as opposed to red on any dashboard indicator, so I got to work on updating every single one of my passwords, all 140+ of them. I also decided to let go of my control over creating my passwords and delegated this to the password generator (which is much better at randomizing passwords than my feeble brain, and one of the unknowingly best decisions I’ve made). All of my passwords are now 18 characters or greater, super complex, share zero commonality with one another, and I couldn’t tell you what a single one of them is.
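To make the "common elements" check concrete, here is an added sketch (not from this post or from any password manager product) that flags vault entries sharing a core string and generates 18-character random replacements. The function names, the 6-character threshold, the score formula and the sample vault are all assumptions made for illustration.

```python
import secrets
import string
from difflib import SequenceMatcher
from itertools import combinations

MIN_SHARED = 6  # assumption: a shared run this long counts as a "common element"

def shared_core(a, b):
    """Longest run of characters two passwords have in common (case-sensitive)."""
    m = SequenceMatcher(None, a, b, autojunk=False)
    match = m.find_longest_match(0, len(a), 0, len(b))
    return a[match.a:match.a + match.size]

def audit(vault):
    """Map each site to the other sites whose password shares a core with it."""
    flagged = {}
    for (s1, p1), (s2, p2) in combinations(vault.items(), 2):
        if len(shared_core(p1, p2)) >= MIN_SHARED:
            flagged.setdefault(s1, set()).add(s2)
            flagged.setdefault(s2, set()).add(s1)
    return flagged

def health_score(vault):
    """Assumed metric: percentage of entries sharing no core with any other."""
    if not vault:
        return 100
    return round(100 * (len(vault) - len(audit(vault))) / len(vault))

def generate(length=18):
    """Random password from the OS CSPRNG containing all four character classes."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw

# Constructed sample vault: three entries built from the post's example core,
# one independent random-looking entry.
SAMPLE = {
    "shop.example": "srpw4455SRPW!",
    "mail.example": "srpw4455SRPW$",
    "forum.example": "2019srpw4455",
    "bank.example": "k#V9q!Zt2@LmW7x&Rd",
}

if __name__ == "__main__":
    for site, others in sorted(audit(SAMPLE).items()):
        print(f"{site}: shares a core with {sorted(others)} -> replace with {generate()}")
    print("health score:", health_score(SAMPLE))
```
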
I highly recommend everyone use a password manager. They are easy to use, affordable, effective, efficient, and secure. I think it’s one of those technologies that, once you use it, you’ll find it difficult to imagine your online life without.
Check out this other useful tool: How Secure Is My Password from Security.org. I have this bookmarked in my browser favorites along with Dashlane’s convenient Password Generator Tool. It’s a way to test your password strength. Mine is 19 characters long and says it would take a computer about 500 quadrillion years to crack my master password. I’d love to hear what it says about yours!